Detection & Response Engineer (automation-focused)

2 727 - 4 910 USD Net per month - B2B
Security

Full-time
B2B
Mid
Hybrid

Tech stack

    EDR: advanced
    SIEM: advanced
    XDR: advanced
    Cybersecurity: advanced
    Network Administration: regular
    NDR: regular
    SOAR: regular
    Threat hunting: junior

Job description

About This Offer

We’re expanding our Detection & Response capability and looking for engineers who detect, respond, and build. As part of the job, you will focus not only on detecting and responding to threats, but also on automating repetitive work and improving service reliability. The goal isn’t to “work harder at the same tasks,” but to remove recurring manual work and make operations smoother—day or night.


You’ll work primarily through our SOAR platform and, when needed, in source tools (e.g., EDR/XDR, SIEM, identity and cloud). Your improvements won’t stay in a slide deck—they’ll be shipped to production and scaled across customers.



Who We Think Will Be a Great Fit

If these points resonate with you, you will seamlessly integrate into our team and thrive:

  1. Terms like C2 Frameworks, malware analysis, process injection, telemetry, EDR, and APT excite you, and you’re eager to engage with these concepts daily.

  2. You’re curious about attacker TTPs and comfortable turning that knowledge into practical detections and safeguards.

  3. You are an avid learner who keeps up with the latest developments, regularly exploring resources like /r/netsec or other security-focused publications to stay informed.

  4. You learn fast, share knowledge, and collaborate well—team sport over solo heroics.

  5. You treat repetitive work as a signal to design a systemic fix (rule/correlation/playbook/process), not as something to accept.

  6. You want to shape the service: identify gaps, propose improvements, and help us grow and scale what works.


As a Detection & Response Engineer, You Will Have a Chance To

  1. Manage incidents end-to-end, from detection and analysis to containment, eradication, and post-incident recovery.

  2. Detection → Decision → Change: analyze alerts, add context, decide, and drive permanent improvements (rules, correlations, tuning, noise control).

  3. Operate across stacks: when needed, dive into EDR/XDR, SIEM, identity, and cloud to investigate or validate changes.

  4. Automate response: design/extend SOAR playbooks (enrich → decide → act), auto-close known good, bundle repeats, escalate true anomalies with evidence.

  5. Work with industry-leading tools and improve automated and manual detection methods.

  6. Monthly Research Day (paid): pick a topic and deliver a tangible output (playbook, correlation, POC, procedure).


What We Offer

  1. The opportunity to work with a passionate and skilled team dedicated to advancing cybersecurity.

  2. Access to the latest tools, technologies, and methodologies in cybersecurity.

  3. A focus on professional growth with access to certifications, training programs, and hands-on experience.

  4. A dynamic and evolving environment where your contributions have a direct impact on the security of clients worldwide.



Published: 20.11.2025

Warszawa

Nomios Poland Sp. z o.o.
